Devices such as Customer Premises Equipment (CPE), also known as customer-provided equipment, often require one or more preset device-specific passwords to be visible and known to a user of the device, such that on first (and potentially also subsequent) use of a protected function(s) of the device, the user may enter the password in order to access that function(s). Such passwords might include at least one of:
    Wi-Fi security password(s) and/or PIN(s) (for example, for Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), Wi-Fi Protected Setup (WPS), etc.);
    administrative password(s) for access to a web-page management console; and
    password(s) for remote access to the device from the Internet (not just from a Local Area Network (LAN)).
Current means by which the password(s) are set and then given to a human user include:
    setting a generic preset password for all manufactured devices and displaying the generic password via a screen on the device and/or printing the generic password on the device and/or on some associated label, documentation or sticker; or
    generating and setting a unique preset password for the device and displaying the unique password via a screen on the device and/or printing the unique password on the device and/or on some associated label, documentation or sticker.
Generic preset passwords may create numerous security risks, because if users do not change the default password to their own, new password, the protected functionality of the device may easily be accessed by anyone with knowledge of the generic password.
Generating and setting a unique preset password for each device incurs a significant logistical overhead for the device manufacturer. The device manufacturer must generate and set the unique password, which increases the complexity and cost of manufacture.
Producing any associated unique label, documentation or sticker to communicate the unique password to the user also increases costs. Furthermore, many devices would not usually have their own screen, and providing one for displaying the unique preset password (as an alternative to printing the unique password) would also increase costs and/or compromise the form-factor of the device. The device manufacturer should also provide the unique preset password to a supplier of the device so that the unique password can be provided to the user in the event that the label, documentation or sticker is lost; this further increases costs, and creates a risk of bulk compromise of passwords.
There may also be significant security risks associated with unique preset passwords. Because the password will usually be displayed on or near the device, any person in close proximity to the device (for example, a visitor to the device owner's premises) will see (and may record) the password. Furthermore, anyone who steals the device will also have the password. Furthermore, there may be uncontrolled use of the password (for example, by minors, etc). Furthermore, if the device is re-sold, the original owner may retain a copy of the preset password such that if the new owner maintains the present password, the old owner may continue to access the protected function(s) of the device.
While it might be possible for the user of the device to change the preset password to one of their own, in practice users generally do not. In any case, regardless of whether a generic preset password or unique preset password is used, device manufacturers will usually include a mechanism by which the device can be restored to factory settings (for example, by pushing and holding a power button, etc.), for use in the event that the user has set their own password but then forgotten it. Again, this may be used by visitors, thieves, unauthorised parties, etc. to return the password to that displayed on or near the device in order to access the protected function(s).
Therefore, there is a desire to establish an initial password for a protected function(s) of a device and communicate that to a purchaser of the device with improved security at a minimum of cost.
U.S. Pat. No. 8,347,355 B2 describes techniques for establishing an initial password to enable a customer to validate a new CPE such that the CPE may be correctly configured by a management server. U.S. Pat. No. 8,347,355 B2 is particularly concerned with a scenario whereby a customer is supplied with a CPE for business purposes. IT staff or an administrator of the customer's employer set a one-time password that they give to the customer and add to a database with various details of the customer, such as a policy for the customer. As part of the validation process, the customer must enter their one-time password into a browser.
If the password matches the password stored in the database, the CPE may be configured by the management server according to the customer policy saved in the database.
However, in this example, it is necessary for IT staff or administrators to set a unique initial password, store it in a database with corresponding customer information and then securely communicate the unique initial password to the customer. This represents a significant overhead and may suffer from security weaknesses if the customer does not properly look after their initial password, as explained above.